Researchers found a weakness in XcodeGhost that puts it at risk for man-in-the-middle attacks.
A researcher at Bromium is expected at DerbyCon to disclose a memory corruption mitigation bypass of Microsoft Control Flow Guard.
With many government departments still reeling when it comes to security, several federal CISOs brought up a handful of new ideas to combat future hacks at last week’s Billington Cybersecurity Summit in Washington, D.C.
HackerOne released a free model that assesses an organization’s readiness to accept outside vulnerability reports.
Apple watchOS2 arrived with a host of security patches, including fixes for more than a dozen code-execution bugs.
A South Korean child monitoring app is so fraught with vulnerabilities that security researchers warn it could lead to the compromise of users’ accounts, disclosure of minors’ information, and a smattering of other issues.
iOS apps infected with the XcodeGhost malware have been removed from the App Store and three command domains communicating with infected apps have been shut down.
Adobe has released a Flash Player update that addresses 23 critical vulnerabilities in the software, many of which can lead to code execution.
Exploit vendor Zerodium will host a month-long million-dollar bug bounty focused on Apple iOS 9.
As expected, Google formally announced its intent to move away from the stream cipher RC4 and the protocol SSLv3 this week, citing a long history of weaknesses in both.